1.5.7 Ensure DNS is servers are configured - nameserver 1

Information

The operating systems that are using DNS resolution, must have at least two name servers configured.

Rationale:

To provide availability for name resolution services, multiple redundant name servers are mandated. A failure in name resolution could lead to the failure of security functions requiring name resolution, which may include time synchronization, centralized authentication, and remote system logging.

Solution

Configure the operating system to use two or more name servers for DNS resolution.
Edit the /etc/resolv.conf file to uncomment or add the two or more nameserver option lines with the IP address of local authoritative name servers. If local host resolution is being performed, the /etc/resolv.conf file must be empty. An empty /etc/resolv.conf file can be created as follows:

# echo -n > /etc/resolv.conf

And then make the file immutable with the following command:

# chattr +i /etc/resolv.conf

If the /etc/resolv.conf file must be mutable, the required configuration must be documented with the Authorizing Official and the file must be verified by the system file integrity tool.

Notes:

This Benchmark recommendation maps to:

Red Hat Enterprise Linux 7 Security Technical Implementation Guide:

Version 2, Release: 3 Benchmark Date: 26 Apr 2019



Vul ID: V-72281

Rule ID: SV-86905r2_rule

STIG ID: RHEL-07-040600

Severity: CAT III

See Also

https://workbench.cisecurity.org/files/2688

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-20

Plugin: Unix

Control ID: c90fd247d206cee900c7f49b869626f14626706be6570592c3e775761b49ecde